1 / 35

System Administration

System Administration. NFS & Web Servers. NFS Server. File System Operations. Create file / directory Remove file / directory List directory Open file Read from file Write to file …. NFS. Network file system File system ops over network RPC-based IP-based authorization

Download Presentation

System Administration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. System Administration NFS & Web Servers

  2. NFS Server

  3. File System Operations • Create file / directory • Remove file / directory • List directory • Open file • Read from file • Write to file • …

  4. NFS • Network file system • File system ops over network • RPC-based • IP-based authorization • Traffic not encrypted

  5. From 鳥哥的Linux私房菜

  6. Remote Procedure Call From SGI IRIX Network Programming Guide

  7. RPC – Port mapper • List which port has what service • “portmap” or “rpcbind” • List services: rpcinfo -p

  8. NFS Server • Debian Package: nfs-kernel-server • NFS server is implemented in kernel.The package is for support utilities. • Configuration: /etc/exports • See exports(5) manpage • Show exported paths • exportfs • showmount

  9. /etc/exports /home 192.168.1.0/24(ro) Path Client IP(modifier) 目錄分享對象 (權限)

  10. Client IPs • IPs (192.168.1.1) • IP networks (192.168.1.0/24) • Hostnames (www.csie.ntu.edu.tw) • Wildcards (*.csie.ntu.edu.tw) • Hostname determined via reverse DNS lookup

  11. Modifiers • rw/ ro • sync / async • root_squash / no_root_squash • all_squash • [more in exports(5) manpage]

  12. NFS Client • Debian Package: nfs-common • NFS client is implemented in kernel.The package is for support utilities. • Configuration: /etc/fstab

  13. /etc/fstab # local /dev/sda1 / ext4 rw # nfs nfs:/home /home nfsrw

  14. NFS mount options • fg / bg • hard/soft • intr/nointr(Nouseafter2.6.25) • rsize= & wsize= • See nfs(5) manpage

  15. Automount • Automatically mount filesystem when accessed • Unmount after some time unused • Implemented in kernel • Package: autofs , autofs5

  16. Web Servers

  17. HTTP • Hypertext Transfer Protocol Request Response Header Response Body

  18. HTTP (cont.) • Other binary protocols exist • SPDY • Multiplexing streams through a single TCP connection. • QUIC • Optimized for mobile devices • Over UDP • SSL handshake improvement

  19. Apache HTTP Server • Oldest(?) open source web server • Most popular according to Netcraft • Very versatile • CGI/FastCGI/WSGI/PSGI/Rack/… • mod_perl / mod_python / mod_ruby • Many 3rd party modules

  20. Lighttpd • Lightweight HTTP(S) server • Single process event driven • Early solution to C10k problem • CGI, FastCGI, SCGI support • Little new development

  21. Nginx • Web server • Reverse proxy • Load balancing • Single process event driven • FastCGI / SCGI / uWSGI • No CGI • High performance static file serving

  22. Multi-Processing Module • prefork • 1 process per request • worker • worker thread pool • 1 thread per connection • Event • event driven with worker thread pool • 1 thread per request • More info see • http://serverfault.com/questions/383526/how-do-i-select-which-apache-mpm-to-use

  23. Apache Packages • Debian meta-package • apache2 • MPM • apache2-mpm-* • 3rd party modules • libapache2-mod-*

  24. Basic Configuration # What port to use Listen 80 # My name ServerName nasa.csie.ntu.edu.tw # Run as User www-data Group www-data # PID PidFile /var/run/apache2.pid # log ErrorLog /var/log/apache2/error.log

  25. Serving Configuration # Where is / DocumentRoot /var/www/base # Permissions for /var/www/base <Directory /var/www/base> Options None Order allow,deny Allow from all </Directory>

  26. Virtual Hosts • Serving many sites with 1 server • IP-based virtual hosts • 1 website per IP • Port-based virtual hosts • 1 website per port • Name-based virtual hosts • Many websites per IP/port • Differentiate with “Host” header

  27. Name-based Virtual Host NameVirtualHost * <VirtualHost *> DocumentRoot /var/www/www ServerName www.csie.ntu.edu.tw <Directory /var/www/www> Options None Order allow,deny Allow from all </Directory> </VirtualHost>

  28. HTTP Authentication • 401 Unauthorized • Basic • Password sent in plaintext • Digest • Challenge / Response • mod_auth • mod_auth* • Many backends • htpasswd • Manage Apache basic password files

  29. HTTP Authentication <Location /locked> # Use basic authentication AuthType Basic # Name to show in dialog AuthName “Restricted” # Use htpasswd file based AuthBasicProvider file # Path to password file AuthUserFile /etc/apache/users.pw # Any user is good Require valid-user </Location>

  30. URL Rewrite • Rewrite a URL internally • Make pretty URLs to user • Map old URL to new • Redirect • Regex • Conditional • Enable mod_rewrite

  31. URL Rewrite # Load mod_rewrite LoadModulerewrite_module modules/mod_rewrite.so # Enable rewrite RewriteEngine On # rewrite rule # Redirect /blog?p=N to /new/blog/N RewriteRule ^/blog?p=(\d+) /new/blog/$1 [R]

  32. FastCGI • 2.2: mod_fastcgior mod_fcgid • 2.4: mod_proxy, mod_proxy_fcgi • Run PHP with FastCGI if you can • php-fpm – FastCGI Process Manager

  33. PHP FastCGI for Apache 2.2 # Load modules LoadModulefastcgi_modulemodules/mod_fastcgi.so # Associate an alias for the 'fake' fcgi call. Alias /php5.fcgi /var/www/php5.fcgi # Assign the 'fake' fcgi to an 'external' FastCGI Server FastCGIExternalServer /var/www/php5.fcgi -flush -host 127.0.0.1:9000 # Create the handler mappings to associate PHP files with a call to '/php5.fcgi' AddType application/x-httpd-fastphp5 .php Action application/x-httpd-fastphp5 /php5.fcgi

  34. PHP FastCGI for Apache 2.4 # Load modules LoadModuleproxy_module modules/mod_proxy.so LoadModuleproxy_fcgi_modulemodules/mod_proxy_fcgi.so # Pass PHP file to FastCGI handler ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/$1

  35. Homework • Explain the “secure/insecure” options in /etc/exports in you own words. • What security issues may incur when using “insecure” option? • In early times, running a website over SSL requires a dedicated IP address. Describe why and how it is solved by using SNI (Server Name Indication). • Describe what “TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384” in TLS 1.2 cipher suite means.

More Related